PrisonLocker: Another File-Locking Malware

PrisonLocker / PowerLocker is a newly detected malware variant that infected about 250,000 computers in the US and Western Europe from September to December 2013. The malicious code is similar to CryptoLocker, which encrypts documents on the hard drive.

This type of attack lets malware writers make money by locking the victim's computer and encrypting important files. The only way to decrypt the files is to purchase the decryption key. Interestingly, the cost of a key originally started at 2 BTC, but as there were many cases the price decreased to 1 BTC, 0.5 BTC and, finally, 0.3 BTC.

The PrisonLocker / PowerLocker application encrypts not only documents but also videos, photos and other files on the computer using Blowfish. Each key is protected by RSA-2048 encryption.

The locked files can be unlocked from remote C&C servers controlled by the attacker: on receiving the correct payment code, they remove the encryption on the victim's computer. The malware is able to detect virtual environments and sandboxes to avoid being reverse-engineered by antimalware labs.

The program disables the Windows key and Escape key on the keyboard to prevent user actions during the encryption process. It also kills the taskmgr.exe, regedit.exe, cmd.exe, explorer.exe and msconfig.exe processes and continuously monitors these processes.
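The process-killing behaviour described above leaves a trace a defender can look for: several of the listed tools exiting moments after they are launched on the same host. The following detection sketch is an added example, not part of the original article; the log format, the sample events and the thresholds (3 seconds, 3 tools, 60 seconds) are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Process names the article says the malware kills and keeps watching for.
WATCHED = {"taskmgr.exe", "regedit.exe", "cmd.exe", "explorer.exe", "msconfig.exe"}

# Constructed sample events, oldest first: "time host event pid image".
SAMPLE_LOG = """\
2014-01-10T09:00:01 PC-17 start 4120 taskmgr.exe
2014-01-10T09:00:02 PC-17 exit 4120 taskmgr.exe
2014-01-10T09:00:09 PC-17 start 4188 regedit.exe
2014-01-10T09:00:10 PC-17 exit 4188 regedit.exe
2014-01-10T09:00:15 PC-17 start 4204 cmd.exe
2014-01-10T09:00:16 PC-17 exit 4204 cmd.exe
2014-01-10T09:01:00 PC-22 start 3016 cmd.exe
2014-01-10T09:01:30 PC-22 start 3090 taskmgr.exe
2014-01-10T09:01:31 PC-22 exit 3090 taskmgr.exe
2014-01-10T09:06:00 PC-22 exit 3016 cmd.exe
"""

def parse(log):
    """Yield (time, host, event, pid, image) from well-formed lines only."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:
            ts, host, event, pid, image = parts
            yield datetime.fromisoformat(ts), host, event, pid, image.lower()

def short_lived_exits(log, max_life=timedelta(seconds=3)):
    """Map host -> [(exit_time, image)] for watched tools that exited within max_life."""
    started, exits = {}, {}
    for ts, host, event, pid, image in parse(log):
        if image not in WATCHED:
            continue
        if event == "start":
            started[(host, pid)] = ts
        elif event == "exit":
            begin = started.pop((host, pid), None)
            if begin is not None and ts - begin <= max_life:
                exits.setdefault(host, []).append((ts, image))
    return exits

def suspicious_hosts(log, min_tools=3, window=timedelta(seconds=60)):
    """Hosts where min_tools distinct watched tools died young inside one window."""
    flagged = set()
    for host, exits in short_lived_exits(log).items():
        for i, (t0, _) in enumerate(exits):
            if len({img for t, img in exits[i:] if t - t0 <= window}) >= min_tools:
                flagged.add(host)
    return sorted(flagged)
```

On the constructed sample, `suspicious_hosts(SAMPLE_LOG)` flags only PC-17; PC-22 shows a single quickly closed Task Manager, which is ordinary user behaviour and stays below the threshold.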